Ransomware an 'Equal-Opportunity Extortion Attempt'

By Donald Stotts

STILLWATER, Okla. – Recent widespread ransomware attacks hit computers
in more than 150 countries, but the malicious practice itself is not new
and, given hackers' ability to eventually work around security protocols –
if only for a short period – is unlikely to go the way of the
dinosaurs.

Rural or urban, it makes no difference. Call it
equal-opportunity extortion, as likely to hit a cattle producer as a
homeowner in more densely populated communities. Ransomware is a term
for malware that infects computers and attempts to extort money from the
user by holding the files and data for ransom.

“In most cases,
the data is encrypted in such a way as to make it no longer readable
without the encryption key,” said Scott Wilson, a web developer with
Oklahoma State University’s Division of Agricultural Sciences and
Natural Resources. “The user is presented with instructions on how to
pay the ransom. However, sometimes it is possible to decrypt the files
and sometimes it isn’t. For various reasons, some of the criminals doing
this either don’t provide the key after payment or provide an incorrect
one.”

Ransomware has existed for several years; however, its
incidence exploded in the latter half of 2015 and the first half of
2016. Wilson said the primary reason for this explosion is that it has
become the single most profitable form of malware in use.

“McAfee’s Q2 2016 security report told the story of a Russian gang of
malware developers who made more than $120 million in the first six
months of 2016,” he said. “Even allowing for costs of distributing the
malware, their profit was probably more than $90 million.”

With
such profits possible, there is significant incentive for cybercriminals
to continue developing new forms of ransomware and new ways of
distributing the malware. Currently, variants of ransomware exist for
Windows, Linux and macOS systems.

“Windows variants are the most
common but the others are growing,” Wilson said. “Mobile ransomware is
also a growing threat, with the number of infections doubling throughout
the last year.”

Protecting computer systems against ransomware

For ransomware, traditional antimalware tools don’t really help. They
can remove the ransomware but the files are still encrypted, and in most
cases, cannot be decrypted without the key. There are two recommended
courses of action to increase one’s “security protocols.”

“The first sounds simple but it is not necessarily so,” Wilson said. “Just don’t get infected.”

Most ransomware attacks come through email or malicious advertising.
For email, be extremely careful with attachments, especially zip files and
Word documents. For malicious ads, users should regularly update their
operating system and, especially, web browsers, PDF tools and MS Office, and
run good real-time antimalware protection.

“The removal of
support for Flash and removal of Java browser plugins has significantly
reduced the number of attacks through these vectors; however, they
should not be ignored,” Wilson said.

Second, have a good
protected backup of your data. Wilson said online cloud backup is really
the only protection against this type of ransomware.

“The
various cloud backup services keep several versions of your data, so
even if your files have been encrypted, it should be possible to restore
unencrypted versions,” he said. “They also are able to defend against
most types of ransomware, so your backups should remain uncorrupted.”

Infection with ransomware will most likely result in complete data loss for users who do not employ this backup protocol.

Also, some new variants of ransomware have the ability to copy
themselves across network file shares, meaning that if one computer in
an office became infected, soon all of them would be.

“This
means that backups made to external hard drives, thumb drives and so on
would be vulnerable to infection or could spread the infection
themselves,” Wilson said.